[xmlsec] Strange issue in verify2.c in Xcode on Mac OS X

Ian Hlavats ian at tarantulaconsulting.com
Mon May 5 15:19:46 PDT 2014


That fixed it for me. 

Thanks Aleksey for an excellent library!

On May 6, 2014, at 12:12 AM, Aleksey Sanin <aleksey at aleksey.com> wrote:

> There is XMLSEC_NO_SIZE_T define on the command line which is usually
> the cause of problems like this.
> 
> Aleksey
> 
> On 5/5/14, 2:48 PM, Ian Hlavats wrote:
>> Hello,
>> 
>> I am trying to run the verify2.c program in Xcode and I noticed a strange issue while debugging the following code:
>> 
>>    /* Verify signature */
>>    if(xmlSecDSigCtxVerify(dsigCtx, node) < 0) {
>>        fprintf(stderr,"Error: signature verify\n");
>>        goto done;
>>    }
>> 
>>    // print status (my code)
>>    xmlSecDSigCtxDebugXmlDump(dsigCtx, stdout);
>> 
>>    /* print verification result to stdout */
>>    if(dsigCtx->status == xmlSecDSigStatusSucceeded) {
>>        fprintf(stdout, "Signature is OK\n");
>>    } else {
>>        fprintf(stdout, "Signature is INVALID\n");
>>    }
>> 
>> I am running the program successfully from the command line using a valid XML file with a valid public key with the following arguments:
>> 
>> ./verify2 file.xml rsa_pub.pem
>> 
>> However, while stepping through this code in debug mode in Xcode, I can see the XML digital signature is validated successfully in the output from xmlSecDSigCtxDebugXmlDump(), but the if statement always prints “Signature is INVALID”. Looking at the value of the dsigCtx->status enum, it no longer has the enum value “xmlSecDSigStatusSucceeded" but rather some random number.
>> 
>> Can someone explain to me what could be happening that would cause the status to be lost while returning from the xmlSecDSigCtxVerify() function?
>> 
>> As a workaround, I have added a function to xmldsig.h named xmlSecDSigCtxStatusOK  that simply returns 0 (false) or 1 (true) if the dsigCtx->status is equal to xmlSecDSigStatusSucceeded.
>> 
>> Any help would be appreciated.
>> 
>> Thanks.
>> 
>> Regards,
>> Ian
>> 
>> 
>> _______________________________________________
>> xmlsec mailing list
>> xmlsec at aleksey.com
>> http://www.aleksey.com/mailman/listinfo/xmlsec
>> 



More information about the xmlsec mailing list